Aim
Results 1 to 8 of 8

Thread: Aim

  1. #1

    Aim

    I recently found a very interesting flaw in the AIM server log-on mechanism. It began when I logged on to my account on a windows box and began messages with maybe three people.

    I then played a little unreal tournament 2003 and left the computer signed-on to AIM and the messages to the certain individuals were still active.

    I then logged on to my linux box on the same LAN as the windows box, I proceded to log on to GAIM and continue the conversations that I had previously left up on the windows box. I typed to the users which I had previously been chatting with and received no responce from either users for a long duration of time....

    Curious, I went back up to my windows box and sure enough I was still logged on to AIM and was receiving the messages that I had typed on the linux box on the windows box, and the users that I had been talking to had actually been talking to me the whole time but the windows box's client was recieving all the incoming messages.

    I find this rather interesting and I think that it opens a new gaping hole in the hijacking of AIM messages. May someone know what have happened????

    scat
    If the scatman can do it so can you.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I have something like that happen to me on AO. If I log on with one computer then log on another everything is fine I can post from both. When I log off one the other gets logged off also. Sort of like what is happening to you. I wouldn't say that what is happening to you it is too big a whole given that you need to be on the same LAN for this to happen. Also, I'm assuming you still had to log on with your username and pass on the linux box with GAIM. Still an interesting phoenomena.

  3. #3
    Well, I think the phenomena that exists in the fact that, the AIM server sends the incoming messages to the windows box possible because it was the first box to 'check-in' with the server. Also, the AIM server is designed to log the user if he/she logs-on from a remote location. It's naturally due to the fact that GAIM and AIM don't work the same or use the same packet structure, or something of that nature.

    scat
    If the scatman can do it so can you.

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    179
    To add to this I think maybe it is a new feature with aim.

    Recently while at school (community college) I logged on to my aim account (using the aim client that comes w/ Netscape 4.0). My account at home was still on (using aim 5.2.3292 for windows) When I logged on I recived a message similar to the following but can't remember what it was exactly.

    "message from aim: You are now currently logged on at two locations. Click here for more information: LINK"

    Maybe aim is now letting users be signed at two locations simontainously, I can see how the applications would be useful. Many use aim as more then a simple chat tool, my friends often leave me messages on my aim account. When I log on somewhere else those messages are lost, and when I sign off at the remote location this means my client is no long available.

    Maybe by using gaim (which is not distibuted by aol) does not correctly work with this new feature. This would explain your experience of not reciving messages on the gaim client.

    This is all just speculation, hope it helps.

    DeafLamb

  5. #5
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    I had a similar incident but with GAIM when I was trying to send a pic/Direct connect

  6. #6
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    Hmm.. Take a look at my screenshots-

    http://www.angelfire.com/oz/fatphantum/aimscreenie1.jpg
    http://www.angelfire.com/alt/fearthe...mscreenie2.jpg

    They might take awhile to load (there 1024 - 800) so right click on it, then save as.

  7. #7
    Member
    Join Date
    Jul 2002
    Posts
    50
    OK, today I was already signed into my AOL instant messenger with my "away" message up for quite sometime. I got a "knock knock" pop up asking if I would like to accept from user "AOL System MSG" I said "no", not having any clue who this was. I signed off, and then back on, and received an odd message saying I was signed in at 2 locations (see link for explanation of this message) I just thought it was odd that I was receiving this message because I wasn't signed into AIM on any other computer, other than my own (that i am aware of). So that's my story and the reason I found this link. Just wanted to share this with you. It seems AOL has made it so you can now sign on from multiple places. They have it so you can receive IM's on your cell phones, and PDA's etc.

    AOL SYSTEM MSG

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    I just varified both using AIM and GAIM and combinations of both that you could have multiple open sessions at one time. I recived no message saying that I was logged on in multiple locations, but I did verify that my messages showed up on the other computers screen also. That could lead to some interesting things. Imagine if you compromised someone's AIM session then signed on and watched all of their conversations. I work in a hostile enviornment too, I guess everyone needs to watch their back.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides